amuck-landowner

Dear Spamhaus, why can't you group providers right?

drmike

100% Tier-1 Gogent
Dear Spamhaus,

Why can't you group providers right?

Spamhaus is a site all the company owners around here are likely familiar with.  Lists bad behaving networks with spam activity.  Groups of dirty IPs.

http://www.spamhaus.org/sbl/listings/velocity-servers.net

That shows, 18 current entries.

http://www.spamhaus.org/sbl/listings/chicagovps.net

That shows, 9 current entries.

The problem is, ChicagoVPS is 100% ColoCrossing through and through.  Same IPs, same ownership, even share same fricking offices.

ChicagoVPS isn't very quick or caring about their soiled IPs.  Oldest entry goes all the way back to September 9, 2013.  The most recent active entry is March 30, 2014. Of the 9 entries 5 have the distinction of big yellow boxes and red triangles with exclamation points for being ROKSO gang spammers.

I want Spamhaus to combine these entries and shove them under ColoCrossing/Velocity-servers, the owner of the IPs.

What does everyone else think?
 

Virtovo

New Member
Verified Provider
Although I can see how their close ties may make cycling IPs easier and obscuring abuse; however as it stands they are separate entities and there has been no proof to say otherwise.
 

drmike

100% Tier-1 Gogent
Yeah but every other provider - well all I've checked on CC's network, get bundled under Velocity.  Not broken out like CVPS.  Something rather strange with this one.
 

drmike

100% Tier-1 Gogent
To this point, on Velocity's listings:

SBL219336 23.249.160.24/32 velocity-servers.net
12-Apr-2014 11:13 GMT Snowshoe spam source - VPS ACE

SBL219280 192.227.182.155/32 velocity-servers.net
11-Apr-2014 20:48 GMT Snowshoe spam source - Cloud Shards

SBL219250 172.245.240.36/32 velocity-servers.net
11-Apr-2014 13:46 GMT Snowshoe spam source - Hudson Valley Host

SBL219191 23.94.101.128/25 velocity-servers.net
11-Apr-2014 08:44 GMT Repeatedly hosting snowshoers - ElectricByte

SBL218094 192.227.172.192/26 velocity-servers.net
31-Mar-2014 22:08 GMT Spam source - ChicagoVPS


Lookie there.... Even CVPS once in a while gets included...

Strange.
 

AlexBarakov

Member
Verified Provider
Isn't there another thread about that already?

On the other side, I am still waiting on Spamhaus to respond on request for removal of a block, that is not on CC's network.  ;)
 

Francisco

Company Lube
Verified Provider
Isn't there another thread about that already?

On the other side, I am still waiting on Spamhaus to respond on request for removal of a block, that is not on CC's network.  ;)
In your case you'll likely need to get your ISP to handle it.

They don't really like dealing with customers of the networks much as it could lead to the customer

trying to slip under the radar if the network owner is oblivious of the listings.

Senderbase gives you a really solid outlook into what's going on in Buffalo. There's countless IP's at

senderbase that are still alive and well....pushing mountains of spam and haven't been delisted.

Spamhaus doesn't take "other" BL's into consideration for listings, though, and that just means said

spammers have a spamhaus free mailing list to go off.

Francisco
 
Last edited by a moderator:

AlexBarakov

Member
Verified Provider
In your case you'll likely need to get your ISP to handle it.


They don't really like dealing with customers of the networks much as it could lead to the customer


trying to slip under the radar if the network owner is oblivious of the listings.


Senderbase gives you a really solid outlook into what's going on in Buffalo. There's countless IP's at


senderbase that are still alive and well....pushing mountains of spam and haven't been delisted.


Spamhaus doesn't take "other" BL's into consideration for listings, though, and that just means said


spammers have a spamhaus free mailing list to go off.


Francisco
Well, that's quite unreasonable :) . A huge load of the EU businesses get their PI IP space from their LIRs. Why would I have to get my provider deal with them, when I am operating with those IPs and are SWIPd udner my company's name?

I'll wait a little bit longer, though, will see if I get a proper response from them, on my emails.
 

Francisco

Company Lube
Verified Provider
RIPE is nothing like ARIN when it comes to allocations.

There is no local state LIR's that provide local allocations, it's all ARIN.

When IP's get spam'listed they usually get pushed to the direct subnet and if that doesn't work, to the

LIR. If that fails, they will mark it to RIPE and you best find new space.

Francisco
 

AlexBarakov

Member
Verified Provider
RIPE is nothing like ARIN when it comes to allocations.


There is no local state LIR's that provide local allocations, it's all ARIN.


When IP's get spam'listed they usually get pushed to the direct subnet and if that doesn't work, to the


LIR. If that fails, they will mark it to RIPE and you best find new space.


Francisco
Not exactly sure what I've read, however do you mean that there are no local RIPE LIR's, or? Cause I am quite sure that my IPs are from a RIPE LIR.
 

Kruno

New Member
Verified Provider
Not exactly sure what I've read, however do you mean that there are no local RIPE LIR's, or? Cause I am quite sure that my IPs are from a RIPE LIR.
Spamhaus goes after ASN owner. If you have RIPE PI or swip'd PA(at least /24) you may be able to arrange something with spamhaus directly and they will contact you directly in the future. Speaking from experience. Of course, there may be some exceptions here and there.
 
Last edited by a moderator:

AlexBarakov

Member
Verified Provider
Spamhaus goes after ASN owner. If you have RIPE PI or swip'd PA(at least /24) you may be able to arrange something with spamhaus directly and they will contact you directly in the future. Speaking from experience. Of course, there may be some exceptions here and there.
Just had the listings removed, an hour ago :)

Something I didn't take in consideration - saturday and sunday are not workdays and they operate on US timezones. So yeah.
 

mtwiscool

New Member
Love not being on that list, hard work usually pays off. 
you do know spamhaus lists people with no warnings?

Its a stupid case of punishment with no proof as it blocks you from sending emails to mail server owned by people like Hotmail and gmail.

INCERO your actions prove your scared of them, and this is proved by your actions.

Spamhaus treat webmasters like trash.
 

ryanarp

Catalyst Host
Verified Provider
you do know spamhaus lists people with no warnings?

Its a stupid case of punishment with no proof as it blocks you from sending emails to mail server owned by people like Hotmail and gmail.

Spamhaus treat webmasters like trash.
I do know this, I was talking about the list that @Mun pointed out, not the website as a whole. 

I have never known a IP to get blacklisted without proof. Last I checked there wasn't a random drawing to determine what IP will get blacklisted today. 

Generally I haven't had a issue with Spamhaus, granted everyone has a different approach on SPAM. 
 

drmike

100% Tier-1 Gogent
http://www.senderbase.org/static/spam/#tab=2

@colocrossing in #2 for worst IP in the whole world.

@crisis Solutions #4
I can't replicate your findings :(  Guess these change on live or daily basis.

ColoCrossing is ~ 4th right now.

But they are first if you sort by domains... More domains spamming than anyone else.

ColoCrossing    7.8    52.8% ↑    271 domains

This domains part is defined as:

"Number of Domains


Number of email sending domains associated with the network owner."
 

drmike

100% Tier-1 Gogent
Also interesting is place #11 when sorting by domains:

B2 Net Solutions

6.9

-31.3% down.gif47

B2 Net Solutions is a ColoCrossing customer, uses CC's Sheridan Road address as their own, uses CC's Buffalo datacenter address as their own, uses CC's IPs, engages in mass IP hoarding also...  and are literally best friends with Jon Biloh - plus are local to CC HQ's / Biloh's backyard.

What's the random chance of this happening naturally without a concerted effort to appeal to and sell to spammers? ZERO.
 

Francisco

Company Lube
Verified Provider
They're #1 right now.

See, the bad part is that there's historical showing it hasn't improved at all. Infact it has increased 50% in the past 24 hours, if you take senderbase as truth.

I dunno, you can scan over the RDNS entries they show and it's so obviously spam that you can tell

that CC's either straight up "Need some IP's?" or not doing their part in monitoring

their own network.

B2's on the way down so it's possible they're cleaning up their act but I dunno...

Francisco
 
Top
amuck-landowner